
Latest
ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th) (SANS ISC · 1h ago)
Filtr is a new privacy tool that blocks ads in almost every iPhone and Mac app (TechCrunch Security · 6h ago)
Brave Software releases Origin for a paid, bloat-free browsing experience (BleepingComputer · 6h ago)
Defense tech, AI, and fundraising take center stage at StrictlyVC Los Angeles on June 18 (TechCrunch Security · 6h ago)
Hola Browser for Windows compromised to deliver cryptominer (BleepingComputer · 6h ago)
Credit card theft campaign abuses Stripe to host stolen payment info (BleepingComputer · 6h ago)
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us (Microsoft Security · 8h ago)
DentaQuest data breach exposed info of 2.6 million accounts (BleepingComputer · 9h ago)
iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil (HackRead · 10h ago)
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public (The Hacker News · 10h ago)
UN food agency discloses breach affecting 600,000 Gaza households (BleepingComputer · 11h ago)
Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites (Infosecurity Magazine · 11h ago)
New IronWorm malware hits 36 packages in npm supply-chain attack (BleepingComputer · 12h ago)
Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories (The Hacker News · 12h ago)
Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It (The Hacker News · 12h ago)

Security & IT News


Real-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.

🧪 Research · Rapid7 · 45d ago
Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action

Anthropic’s Project Glasswing has sparked plenty of discussion about what AI might soon do for vulnerability discovery, but the more useful question for most security teams is how to prepare for, and more importantly seize the opportunity of, what comes next. As we wrote in our earlier blog, What Project Glasswing Means for Security Leaders, AI is becoming more capable of finding software flaws. The pressure that follows lands on the teams responsible for deciding what matters, validating risk, assigning ownership, and getting remediation moving across environments that were already hard to manage. We believe that the organizations that will benefit most from the next wave of AI will be the ones that understand their environment well enough to use these emerging AI models with intent, rather than layering them onto immature processes and hoping that speed alone will solve the backlog.

What this moment means for security teams

The number of publicly tracked software vulnerabilities has broken records almost every year over the last decade, while supply chain risk has continued to rise. Most teams were already feeling the strain of more findings than they could process cleanly. The Common Vulnerabilities and Exposures (CVE) program, the standard system for identifying and tracking known vulnerabilities, recorded 48,185 disclosures in 2025, a 20% increase over 2024, with roughly 40% of those disclosed vulnerabilities rated high or critical. The pace in 2026 was already working out to hundreds of new CVEs per day when those figures were cited. That tells you something important about the current environment: the challenge has not necessarily been a lack of findings, but instead converting a growing stream of findings into measurable risk reduction.

The reality is that very few organizations are going to hand a model free rein over their most sensitive environments the minute those capabilities become more widely available. Trust will be built in stages: early adoption is much more likely to focus on backlog reduction, triage support, patch testing, and repetitive lower-tier remediation work that consumes time without carrying the same level of operational risk as the most critical systems in the business. That is a more realistic starting point, and it leads to a more useful question. Before teams apply AI more broadly, they need to understand their environment well enough to use it intentionally.

Establish the foundation before layering in AI

The promise from Project Glasswing and almost every other AI-powered security initiative is quite similar: leverage AI to identify patterns, summarize risk, suggest fixes, and speed up repetitive work. Regardless of technology, success still depends on how well an organization understands its environment, the context around each finding, and the process used to act on it. A model can generate more output than a team ever could on its own, but that output becomes noise if the organization cannot answer basic qu

🩹 Patch · Microsoft Security · 45d ago
Making opportunistic cyberattacks harder by design

This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs, in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov, Deputy CISO for Microsoft Dynamics 365 and Power Platform at Microsoft, dives into cyberattacks of opportunity and how to prevent them.

When your infrastructure powers thousands of organizations and millions of users, security is not a feature. It is the foundation you build everything else upon.

I’m the Deputy CISO for Microsoft Dynamics 365 and Microsoft Power Platform. You may know Dynamics 365 as a cloud-based suite of intelligent business applications that unify customer relationship management (CRM) and enterprise resource planning (ERP) capabilities to help organizations manage sales, customer service, finance, supply chain, and operations more effectively. Power Platform is a low-code suite of tools that empowers both technical and non-technical users to analyze data, build custom applications, automate workflows, and create intelligent virtual agents. It does this by connecting to various data sources through Microsoft Dataverse and integrating seamlessly with not only Dynamics 365 but Microsoft 365 as well.

What might be a little less obvious is that together, these two suites make up what is quite possibly the largest internal business group fully running on Azure at Microsoft. With such a large cloud footprint of our own, and as an important part of the broader Microsoft cloud offering, it’s highly important that we take our digital security seriously. We must remain vigilant against all manner of threats and align our defenses with Secure Future Initiative (SFI) and One Microsoft principles.

I could talk for quite some time about many aspects of security, but I want to focus in on a topic I see mentioned less often than it should: avoiding attacks of opportunity. These are attacks launched by individuals who find ways into systems adjacent to our domains and who move laterally into our space. Maybe they’re looking for our data itself, or maybe they want to use our space as a means to locate the company’s crown jewels elsewhere.

To start with, I’d like to cover credential elimination, endpoint reduction, and identity controls. These are strong security practices that everyone can pick up right away. After that, I want to cover the benefits of platform engineering, which delivers some very important security advantages to organizations ready to take it on.

Credential elimination and the benefits of managed identities

Most attackers don’t break into your network. They log in with stolen credentials. While good password hygiene helps reduce this behavior, a more reliable solution is removing credentials from the system entirely. Internally, we rely on a simple principle: if a workload can authenticate wi

🔴 Breach · The Hacker News · 45d ago
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust. There’s also a shift in how attacks run.

Vulnerability · CISA · 45d ago
Supply Chain Compromise Impacts Axios Node Package Manager

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm). [1] Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments.

On March 31, 2026, two npm packages for versions [email protected] and [email protected] of Axios npm injected the malicious dependency [email protected] that downloads multi-stage payloads from cyber threat actor infrastructure, including a remote access trojan. [2]

CISA urges organizations to implement the following recommendations to detect and remediate a potential compromise:

- Monitor and review code repositories, continuous integration/continuous delivery (CI/CD) pipelines, and developer machines that ran npm install or npm update with the compromised Axios version.
  - Search for cached versions of affected dependencies in artifact repositories and dependency management tools. Pin npm package dependency versions to known safe releases.

If compromised dependencies are identified, revert the environment to a known safe state.

- Downgrade to [email protected] or [email protected] and delete node_modules/plain-crypto-js/.
- Rotate/revoke credentials that may have been exposed on affected systems or pipelines (e.g., version control system [VCS] tokens, CI/CD secrets, cloud keys, npm tokens, and Secure Shell [SSH] keys). For ephemeral CI jobs, rotate all secrets injected into the compromised run.
- Monitor for unexpected child processes and anomalous network behavior, specifically during npm install or npm update.
  - Block and monitor outbound connections to Sfrclak[.]com domains.
  - Conduct continuous indicator searches and endpoint detection and response (EDR) hunts to confirm no indicators of compromise (IOCs) remain; ensure no further egress to the command and control (C2).

In addition, CISA recommends organizations using Axios npm:

- Mandate phishing-resistant multifactor authentication (MFA) on all developer accounts, especially for critical platforms.
- Set ignore-scripts

Vulnerability · CISA · 45d ago
CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation.

- CVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability (https://www.cve.org/CVERecord?id=CVE-2023-27351)
- CVE-2024-27199 JetBrains TeamCity Relative Path Traversal Vulnerability (https://www.cve.org/CVERecord?id=CVE-2024-27199)
- CVE-2025-2749 Kentico Xperience Path Traversal Vulnerability (https://www.cve.org/CVERecord?id=CVE-2025-2749)
- CVE-2025-32975 Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability (https://www.cve.org/CVERecord?id=CVE-2025-32975)
- CVE-2025-48700 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability (https://www.cve.org/CVERecord?id=CVE-2025-48700)
- CVE-2026-20122 Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability (https://www.cve.org/CVERecord?id=CVE-2026-20122)
- CVE-2026-20128 Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability (https://www.cve.org/CVERecord?id=CVE-2026-20128)
- CVE-2026-20133 Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (https://www.cve.org/CVERecord?id=CVE-2026-20133)

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities (https://www.cisa.gov/binding-operational-directive-22-01) established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet (https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf) for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of https://www.cisa.gov/known-exploite

Vulnerability · The Hacker News · 45d ago
Why Most AI Deployments Stall After the Demo

The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall because what worked in the demo doesn't survive contact with real operations. The gap between a

🔬 Analysis · Schneier on Security · 45d ago
Is “Satoshi Nakamoto” Really Adam Back?

The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back. I don’t know. The article is convincing, but it’s written to be convincing. I can’t remember if I ever met Adam. I was a member of the Cypherpunks mailing list for a while, but I was never really an active participant. I spent more time on the Usenet newsgroup sci.crypt. I knew a bunch of the Cypherpunks, though, from various conferences around the world at the time. I really have no opinion about who Satoshi Nakamoto really is.

Vulnerability · The Hacker News · 45d ago
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to